Archive
Highlighted

The exported csv file of the Splunk results is not aligned

Explorer

Hi, I have exported my search results into a csv file using Export button.
The output result contains a list of Email adresses that are field values.

But, the contents of csv file looks like below:
test@test.com email@sample.com data@test.com.....

whereas I want the output as below:
test@test.com

email@sample.com

data@test.com

I am using the below query for getting the output:
stats values(EMAILDATA) AS COMBINEDEMAIL

Output in splunk looks like below:

COMBINED_EMAIL
test@test.com

email@sample.com

data@test.com

Kindly help me with the formatting issue.

Tags (1)
0 Karma
Highlighted

Re: The exported csv file of the Splunk results is not aligned

SplunkTrust
SplunkTrust

Instead of stats values(EMAIL_DATA) creating a multi-value field, use stats count by EMAIL_DATA. Then use fields and/or rename to format the data however you like.

View solution in original post

0 Karma
Highlighted

Re: The exported csv file of the Splunk results is not aligned

Explorer

It works fine.

0 Karma
Highlighted

Re: The exported csv file of the Splunk results is not aligned

Esteemed Legend

Add this to the end of your search:

... | mvexpand COMBINED_EMAIL
0 Karma